Startup Touts All-in-One Digital Credit Card 222
First time accepted submitter NoImNotNineVolt writes "Coin, a Y Combinator-backed startup, has started accepting pre-orders for a device as slim as a standard piece of payment plastic that can hold eight credit, debit, and gift cards in its dynamic magnetic stripe. Paired with the Coin smartphone app via Bluetooth low energy, card details can easily be swapped in and out of the device. A minimalist user interface on the device itself allows the owner to toggle between the loaded cards and then swipe just as they would their ordinary card. All card details are encrypted (both on the device and in the smartphone app), and the device's on-board battery is expected to last for two years of typical usage. No support for chip&pin (EMV) yet, so this may have limited utility outside of the USA. They expect to start shipping in summer of 2014."
Re:Great for CC scammers (Score:4, Informative)
Obviously, cloned cards can be a fraud tool, and fraud is illegal; and obviously most people have neither the tech nor the interest to clone mag stripe cards; but does Visa give a damn if I clone my card and swipe the clone, instead of the one they mailed me, at the point of sale? Do they claim some sort of 'despite all appearances to the contrary, card remains property of issuer, etc, etc, yadda, just shut up and swipe' clause? Have they ever been tried on that point?
There has never been anything magic (aside from convenience, getting a full-color printed, shiny holograms, embossed characters, encoded mag stripe, card in quantity 1 costs a hell of a lot more than quantity 1 zillion) about the card itself, nor do mag-stripe cards have any secrets embedded (unlike chip-and-pin, which theoretically, like a SIM, contains values that should never leave the IC under any circumstances short of silicon-level attack), and a lot of transactions occur with nothing more than the card number, since they go over the web.
I assume that if they do care, their easiest point of attack would just be to be enormous rules-lawyering dickheads about every last detail of PCI compliance, which would likely make the server/app side of things virtually impossible; but would the card-cloning itself, if not used for already illegal fraud of some kind, be an issue?
No EMV, not going to be useful by 2015 (Score:4, Informative)
I hear they're working on one that's EMV compatible, but there's no point in releasing sometime in 2014 what they've proposed now as Chip+PIN/EMV will be rolled out en-mass in the US. The networks (Visa, MC, AMEX, Discover) are starting a liability shift and most will go into effect in Oct 2015: http://en.wikipedia.org/wiki/EMV#United_States [wikipedia.org]
What this means is the liability of any card fraud that occurs after that date with be moved to the entity that hasn't implemented EMV. That includes the card issuing bank, the merchant acquirer (the entity that the merchant uses to process cards), and even the merchant itself if they refused to update their terminals or POS systems. If fraud does occur and everyone is up to date with EMV, the procedure is the same as it is today supposedly.
I personally have my reservations about the system since there have been a string of compromised terminals in the past and the banks incorrectly blamed the card holder because the system was "fraud-proof" according to them. Hopefully those shenanigans don't happen in with US banks as this rolls out.
Re:Great for CC scammers (Score:5, Informative)
This style of card is becoming more common in Europe right now, and a lot of automated terminals won't take a card that only has a magnetic stripe, apparently.
It is almost universal in Europe (95% of terminals, 85% of cards, two years ago), and plenty of other countries. A card with a chip is almost essential if you travel to Europe -- I can't remember the last time I saw a ticket machine (or similar) accept a magstripe.
http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php [creditcards.com] is informative. I'm not convinced by '"In fact, as a late adopter of EMV, there's a great upside for the industry in the U.S. because we can avoid much of the cost and complexity involved in deploying older-generation chip cards, while still reaping all of the benefits of reduced counterfeit fraud,"' -- the US industry has had 10 extra years of fraud! (I have to phone my bank before using my card in the US, and give them the dates I will be travelling. Numbers are stolen in Europe, and used on fake cards in the US.)
Re:Great for CC scammers (Score:2, Informative)
A card with a chip is almost essential if you travel to Europe -- I can't remember the last time I saw a ticket machine (or similar) accept a magstripe.
Reality check about "almost essential" – I travel to Europe quite frequently. This year alone I've been to London, Brussels, Geneva, Zurich, Vienna, Brno, plus Bangalore and Tokyo. (Not bragging, just saying'. And yeah, I'm sure lots of people have been to even more places than I have.)
I've never (never, ever, ever) had an issue paying for things with my non-chip-and-pin American credit cards. Hotels, train tickets, cab rides, meals in restaurants, buying souvenirs, food in grocery stores, and withdrawing cash from ATMs. I don't know where people get this idea that you have to have a chip-and-pin CC to get by in Europe. It's just not true.
Didn't work for iCache Geode... (Score:5, Informative)
Been there done that. This was the same thing touted by the folks at "iCache" who released a few test units of the "Geode" -- an iPhone jacket and universal card combo that could do this as well as provide support for barcodes using an e-ink window on the back of the case.
Unfortunately, the company -- after a successful Kickstarter and infusion of venture cash, crashed and burned. HARD.
http://www.zdnet.com/icache-geodes-spectacular-crash-and-burn-7000014801/
As it turns out, there were huge limitations on where this type of "cloned" card could be used -- no ATMs, no "pull through" swipers like at gas pumps... It all fell apart quite noisily with accusations of fraud and deceit on the part of the company's founders.
The bottom line is this: Payment card providers require three things: 1) the card should be signed, 2) the card should be present so the merchant can verify the expiration and CVV (or pay a CNP fee), and 3) the card provider's logo must be visible on the card. Failure to comply with any of the three means a merchant may lose his ability to accept cards to the provider. The Geode could do ONE of those things; the same goes for this card, as technically interesting as it may be.
And of course this goes out the window as NFC or chip-and-pin cards eventually come into fashion in the US (as chip-and-pin already is in Europe).
Re:Great for CC scammers (Score:2, Informative)
Signing the back of the card is your presented legal acceptance of the terms and conditions of the card itself, as the cardholder. Without that, the business that charges your card may have no legal claim to the funds you promised, since in their eyes you did not clearly and visibly accept the terms of the card. Legalese is more precise than you'd think, can vary by country/state/county/city/district, and you're naive to believe otherwise. If you ever decide to pursue an American law education, in any capacity, you will quickly learn that proof of expressed agreement means a lot in a courtroom, and that's all that really matters for most transactional disputes.